Implementing Onboarding in SAP Asset Performance Management

Administrator

The person responsible for managing the subaccount and its settings.

Reliability Engineer

A user role within SAP Asset Performance Management, primarily concerned with viewing and accessing applications to ensure the reliability and maintenance of assets.

Entitlements

Specific rights or features assigned to a subaccount, allowing the use of SAP Asset Performance Management.

Role-Based Access Control (RBAC)

A method of regulating access to a system by assigning roles to users based on their responsibilities and ensuring they have the appropriate permissions.

Role Collections

A set of roles grouped together to streamline the assignment of permissions to users based on their job functions.

Fine-grained Role Templates

Detailed templates that define specific actions or operations a user can perform within the system.

Attribute-based Access Control (ABAC)

A method of controlling access by using policies that evaluate attributes (user, resource, environment) and determine a user's permissions based on those attributes.

Video Summary

Join Jessica Martin, an SAP consultant, on her journey to master integration within SAP Asset Performance Management. Learn about subscribing to SAP Asset Performance Management, integrating S4 HANA, leveraging IoT, and optimizing system performance.

In this Lesson, you will go through the onboarding steps of SAP Asset performance management (Cloud SaaS solution). Pre-requisites for onboarding SAP Asset performance management are listed below: 

• You've purchased the license for the solution that you want to consume. 
• You've created a subaccount in your global account. 
• You're the administrator for the subaccount.  

Once the above prerequisites are met, navigate to your BTP global account and find the entitlements. Assign the entitlements to the desired sub-account. 

Video Summary

Learn how to subscribe to SAP Asset Performance Management in this video tutorial. Follow along as Ryan guides you through the process and explains each step. Tags: SAP, Asset Performance Management, subscription, tutorial, guide.

Once the entitlement is added, Subscribe to SAP Asset Performance Management application (FLP) & business service (API) in the relevant subaccount. 

Once the entitlement is added, Subscribe to SAP Asset Performance Management application (FLP) & business service (API) in the relevant subaccount.

Access Asset performance management by selecting Go to application.

Video Summary

Learn how to create a role collection in SAP Asset Performance Management. Follow along as Brian guides you through the process of assigning roles and managing user access.

SAP Asset Performance Management provides authorization by two means: 

• Role Based Access Control - Actions or operations that an authenticated user is allowed to perform in the system.
• Fine-grained Role Templates provides full control to customers.

Sample Role Templates:

• TechnicalObject_Read
• Indicator_Create
• RiskCriticalityAssessment_Publish
• Rules_Delete

Business object instances that the user is allowed to access while performing the actions in the system, like Technical Objects of Company Code 0076.

The Role Template to Map IdP Attributes is: AccessControlAttributeProvider.

Supported Attributes are: CompanyCode, CostCenter, MaintenancePlant, MaintenancePlanningPlant, AuthorizationGroup.

In SAP Asset Performance Management, we recommend creating standard role collections for the following users:

• Reliability Engineer 
• Administrator 

The majority of the roles that are included in this role collection give you the permission to view and access applications on the SAP Fiori launchpad 

The majority of the roles that are included in this role collection give you the permission to view and access applications on the SAP Fiori launchpad, and in addition to view, create, update, or delete contents in the applications.

Below you find the flow of authorizations in SAP Asset Performance Management. 

Video Summary

Learn how to use the Attribute Based Access Control Role Template in SAP Asset Performance Management to control data access for individual users. See how to configure role attributes and create specific roles.

Subscribing to the Application 

Creating Role Collections 

Take a moment to pause and think about a specific instance when you were tasked with adopting a new system at work. Think about the approach you took to learn and integrate this system into your daily tasks. When first introduced to the new system, what were your initial thoughts and feelings? Beyond just reacting, did you start to think about a systematic approach to tackle the learning curve? Reflect on how you planned to acquaint yourself with the system's functionalities relevant to your role.

How did you identify the aspects of the system that were most pertinent to your role? Consider the process you used to discern which features, tools, or data were essential for your daily tasks versus those that were peripheral. How did focusing on role-specific functionalities aid your learning process?

Finally, consider how this approach can be applied to refine task management and accelerate decision-making for different roles within your organization, such as a reliability engineer's use of the system.

Drawing from my experiences, a systematic and role-focused approach to learning new systems proved most effective. For instance, during a system implementation, specific user roles and permissions streamlined operations and safeguarded data, directly enhancing efficiency. 

In the context of SAP Asset Performance Management, such role-based and attribute-based access controls will likely refine task management and accelerate decision-making. For instance - a reliability engineer may not have need for the Rules capabilities; by setting up the role collections appropriately, the engineer is presented only with the data and applications needed to accomplish their job. 

The key point of this lesson is to understand the onboarding process for SAP Asset Performance Management including setting up access controls through Role-Based Access Control and Attribute-Based Access Control, as well as, managing role collections and permissions for different user roles within the system.